Hot stuff

Microsoft Exchange servers compromised by Turla APT

APT, backdoor, cyber espionage, data theft, Don't miss, Hot stuff, Microsoft, News, Ukraine /

Microsoft Exchange servers compromised by Turla APT 20/07/2023 at 15:17 By Helga Labus Turla has been targeting defense sector organizations in Ukraine and Eastern Europe with DeliveryCheck and Kazuar backdoors / infostealers and has been using compromised Microsoft Exchange servers to control them. Turla APT Turla (aka Secret Blizzard, Snake, UAC-0003) is a sophisticated and […]

React to this headline:

Loading spinner

Microsoft Exchange servers compromised by Turla APT Read More »

Thanks Storm-0558! Microsoft to expand default access to cloud logs

APT, CISA, cloud security, Don't miss, enterprise, Government, government-backed attacks, Hot stuff, logging, Microsoft, Microsoft 365, News /

Thanks Storm-0558! Microsoft to expand default access to cloud logs 20/07/2023 at 13:31 By Zeljka Zorz Starting in September 2023, more federal government and commercial Microsoft customers will have access to expanded cloud logging capabilities at no additional charge, Microsoft and the Cybersecurity and Infrastructure Security Agency (CISA) have announced on Wednesday. The announcements come

React to this headline:

Loading spinner

Thanks Storm-0558! Microsoft to expand default access to cloud logs Read More »

Why data travel is healthcare’s next big cybersecurity challenge

ClearDATA, Cloud, cybersecurity, data management, digital transformation, Don't miss, Encryption, Expert analysis, Expert corner, healthcare, Hot stuff, opinion /

Why data travel is healthcare’s next big cybersecurity challenge 20/07/2023 at 08:02 By Help Net Security Do you know where your patients’ data lives once it’s in the cloud? Unfortunately, for many healthcare organizations, the answer is no – or, at least, it’s not a definitive yes. Knowing how (or where) data is used, shared

React to this headline:

Loading spinner

Why data travel is healthcare’s next big cybersecurity challenge Read More »

A fresh look at the current state of financial fraud

cybercrime, cybersecurity, Don't miss, financial industry, fraud, Hot stuff, strategy, tips, Video /

A fresh look at the current state of financial fraud 20/07/2023 at 07:02 By Help Net Security In this Help Net Security video, Greg Woolf, CEO at FiVerity, discusses how the emergence of sophisticated fraud tools powered by AI and recent upheavals in the banking sector have forged an ideal environment for financial fraud. This

React to this headline:

Loading spinner

A fresh look at the current state of financial fraud Read More »

Cybersecurity measures SMBs should implement

cyberattack, Don't miss, Hot stuff, News, security awareness, security controls, SMBs /

Cybersecurity measures SMBs should implement 19/07/2023 at 13:33 By Helga Labus Small and medium-sized businesses (SMBs) are targeted by cyberattackers as much as large companies, the 2023 Verizon Data Breach Investigations Report (DBIR) has revealed; here are some cybersecurity controls they should prioritize. Company size does not matter to cyber attackers SMBs often underestimate their

React to this headline:

Loading spinner

Cybersecurity measures SMBs should implement Read More »

Citrix NetScaler zero-day exploited in the wild, patch is available (CVE-2023-3519)

0-day, Citrix, Don't miss, Hot stuff, News, security update, vulnerability /

Citrix NetScaler zero-day exploited in the wild, patch is available (CVE-2023-3519) 19/07/2023 at 12:34 By Helga Labus Citrix has patched three vulnerabilities (CVE-2023-3519, CVE-2023-3466, CVE-2023-3467) in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway), one of which is a zero-day being exploited by attackers. A zero-day patched (CVE-2023-3519) CVE-2023-3519 is a remote

React to this headline:

Loading spinner

Citrix NetScaler zero-day exploited in the wild, patch is available (CVE-2023-3519) Read More »

Trends in ransomware-as-a-service and cryptocurrency to monitor

Cryptocurrency, cybercrime, cybersecurity, data breach, Don't miss, Expert analysis, Expert corner, Hot stuff, opinion, Ransomware, WatchGuard /

Trends in ransomware-as-a-service and cryptocurrency to monitor 19/07/2023 at 08:02 By Help Net Security In January, law enforcement officials disrupted the operations of the Hive cybercriminal group, which profited off a ransomware-as-a-service (RaaS) business model. Hive is widely believed to be affiliated with the Conti ransomware group, joining a list of other groups associated with

React to this headline:

Loading spinner

Trends in ransomware-as-a-service and cryptocurrency to monitor Read More »

Using AI/ML to optimize your tech stack and enhance business efficiency

Artificial Intelligence, CIO, digital transformation, Don't miss, Features, Hot stuff, how-to, Lenovo, machine learning, News, opinion, regulation, strategy, tips /

Using AI/ML to optimize your tech stack and enhance business efficiency 19/07/2023 at 07:32 By Mirko Zorz In this Help Net Security interview, Arthur Hu, SVP, Global CIO and Services & Solutions Group CTO at Lenovo, discusses how AI/ML is optimizing tech stacks, the hurdles anticipated in its integration, the role of AI in enterprise

React to this headline:

Loading spinner

Using AI/ML to optimize your tech stack and enhance business efficiency Read More »

What to do (and what not to do) after a data breach

CISO, cybersecurity, data breach, Don't miss, Hot stuff, how-to, strategy, tips, Video /

What to do (and what not to do) after a data breach 19/07/2023 at 07:02 By Help Net Security Data breaches have been hitting the headlines left and right. Every time a breach occurs, the impacted organization’s response differs from the last. In this Help Net Security video, Rodman Ramezanian, Global Cloud Threat Lead at

React to this headline:

Loading spinner

What to do (and what not to do) after a data breach Read More »

Adobe ColdFusion vulnerabilities exploited to deliver web shells (CVE-2023-29298, CVE-2023-38203)

0-day, Adobe, Adobe ColdFusion, Don't miss, exploit, Hot stuff, News, Project Discovery, Rapid7, security update, vulnerability /

Adobe ColdFusion vulnerabilities exploited to deliver web shells (CVE-2023-29298, CVE-2023-38203) 18/07/2023 at 17:17 By Zeljka Zorz Attackers are exploiting two Adobe ColdFusion vulnerabilities (CVE-2023-29298, CVE-2023-38203) to breach servers and install web shells to enable persistent access and allow remote control of the system, according to Rapid7 researchers. Flaws with incomplete fixes On July 11, 2023,

React to this headline:

Loading spinner

Adobe ColdFusion vulnerabilities exploited to deliver web shells (CVE-2023-29298, CVE-2023-38203) Read More »

VirusTotal leaked data of 5,600 registered users

Data leak, Don't miss, enterprise, Google, Government, Hot stuff, News, social engineering, spear-phishing, user data, VirusTotal /

VirusTotal leaked data of 5,600 registered users 18/07/2023 at 15:47 By Helga Labus VirusTotal has suffered a data leak that exposed the names and email addresses of 5,600 of its registered users. The leaked data reportedly includes information about employees of US and German intelligence agencies (among others). VirusTotal data leak exposed exploitable information Google-owned

React to this headline:

Loading spinner

VirusTotal leaked data of 5,600 registered users Read More »

12 open-source penetration testing tools you might not know about

Don't miss, GitHub, Hot stuff, News, open source, penetration testing, Red Siege, software /

12 open-source penetration testing tools you might not know about 18/07/2023 at 07:34 By Mirko Zorz Red Siege has developed and made available many open-source tools to help with your penetration testing work. The company plans to continue to support the tools listed below, whether in the form of bug fixes or new features. Give

React to this headline:

Loading spinner

12 open-source penetration testing tools you might not know about Read More »

Critical XSS vulnerability in Zimbra exploited in the wild (CVE-2023-34192)

0-day, Don't miss, Hot stuff, News, open source, security update, Synacor, vulnerability /

Critical XSS vulnerability in Zimbra exploited in the wild (CVE-2023-34192) 17/07/2023 at 14:47 By Helga Labus A critical cross site scripting (XSS) vulnerability (CVE-2023-34192) in popular open source email collaboration suite Zimbra is being exploited by attackers. About the vulnerability (CVE-2023-34192) CVE-2023-34192 could allow a remote authenticated threat actor to execute arbitrary code through a

React to this headline:

Loading spinner

Critical XSS vulnerability in Zimbra exploited in the wild (CVE-2023-34192) Read More »

CISOs under pressure: Protecting sensitive information in the age of high employee turnover

access management, Artificial Intelligence, burnout, CISO, cybersecurity, Don't miss, Features, Gartner, Hot stuff, how-to, identity management, machine learning, News, NIST, opinion, remote working, security ROI, strategy, supply chain attacks, threats, tips, zero trust /

CISOs under pressure: Protecting sensitive information in the age of high employee turnover 17/07/2023 at 07:31 By Mirko Zorz In this Help Net Security interview, Charles Brooks, Adjunct Professor at Georgetown University’s Applied Intelligence Program and graduate Cybersecurity Programs, talks about how zero trust principles, identity access management, and managed security services are crucial for

React to this headline:

Loading spinner

CISOs under pressure: Protecting sensitive information in the age of high employee turnover Read More »

Real-world examples of quantum-based attacks

attacks, cybersecurity, Don't miss, Hot stuff, quantum computing, strategy, tips, Video /

Real-world examples of quantum-based attacks 17/07/2023 at 07:02 By Help Net Security Quantum computing is poised to revolutionize the way we secure and privatize data. It can potentially disrupt our existing encryption methods, endangering sensitive data from various sources in ways even beyond what we’ve experienced with AI. In this Help Net Security video, Tommaso

React to this headline:

Loading spinner

Real-world examples of quantum-based attacks Read More »

Meta’s Threads app used as a lure

Don't miss, EU, Hot stuff, Meta, mobile apps, Mysk, News, Threads, Veriti /

Meta’s Threads app used as a lure 14/07/2023 at 14:16 By Zeljka Zorz It was to be expected: As the buzz around Meta’s new microblogging platform Threads gained momentum, some individuals have stepped in to take advantage of the fact that the app still can’t formally serve users in the European Union (or China, or

React to this headline:

Loading spinner

Meta’s Threads app used as a lure Read More »

Unnamed APT eyes vulnerabilities in Rockwell Automation industrial contollers (CVE-2023-3595 CVE-2023-3596)

critical infrastructure, Don't miss, Dragos, energy sector, firmware, Hot stuff, ICS/SCADA, manufacturing sector, News, PLC, Rockwell Automation, security update, vulnerability /

Unnamed APT eyes vulnerabilities in Rockwell Automation industrial contollers (CVE-2023-3595 CVE-2023-3596) 13/07/2023 at 15:46 By Zeljka Zorz Rockwell Automation has fixed two vulnerabilities (CVE-2023-3595, CVE-2023-3596) in the communication modules of its ControlLogix industrial programmable logic controllers (PLCs), ahead of expected (and likely) in-the-wild exploitation. “An unreleased exploit capability leveraging these vulnerabilities is associated with an

React to this headline:

Loading spinner

Unnamed APT eyes vulnerabilities in Rockwell Automation industrial contollers (CVE-2023-3595 CVE-2023-3596) Read More »

Combatting data governance risks of public generative AI tools

Artificial Intelligence, ChatGPT, CISO, cybersecurity, data, data security, Don't miss, Expert analysis, Expert corner, generative AI, Hot stuff, Mindbreeze, opinion /

Combatting data governance risks of public generative AI tools 13/07/2023 at 08:02 By Help Net Security When companies utilize public generative AI tools, the models are refined on input data provided by the company. Regarding data security, unauthorized use of sensitive data or the accidental exposure of proprietary information can lead to reputational damage, legal

React to this headline:

Loading spinner

Combatting data governance risks of public generative AI tools Read More »

Attack Surface Management: Identify and protect the unknown

attack, CISO, cybersecurity, Don't miss, Hot stuff, NetSPI, penetration testing, Video /

Attack Surface Management: Identify and protect the unknown 13/07/2023 at 07:33 By Help Net Security In this Help Net Security video, Brianna McGovern, Product Manager, Attack Surface Management, NetSPI, discusses Attack Surface Management (ASM). Attack Surface Management detects known, unknown, and potentially vulnerable public-facing assets and changes to your attack surface that may introduce risk.

React to this headline:

Loading spinner

Attack Surface Management: Identify and protect the unknown Read More »

Chinese hackers forged authentication tokens to breach government emails

cloud security, cyber espionage, data theft, Don't miss, Europe, Government, Hot stuff, Microsoft, News, Outlook, USA, vulnerability /

Chinese hackers forged authentication tokens to breach government emails 12/07/2023 at 13:17 By Zeljka Zorz Sophisticated hackers have accessed email accounts of organizations and government agencies via authentication tokens they forged by using an acquired Microsoft account (MSA) consumer signing key, the company has revealed on Tuesday. “The threat actor Microsoft links to this incident

React to this headline:

Loading spinner

Chinese hackers forged authentication tokens to breach government emails Read More »

Scroll to Top